Flask-WTForms provides CSRF protection. It works great when using normal HTML forms, but the process is less clear when using AJAX. I have a file upload in my form, and I spli
The documentation speaks a bit about implementing CSRF protection with regard to AJAX.
You can enable the module:
    from flask_wtf.csrf import CSRFProtect  # named CsrfProtect before Flask-WTF 0.14
    CSRFProtect(app)  # app is your existing Flask application
and then use this in your AJAX POST call:
    <!-- in the page template -->
    <meta name="csrf-token" content="{{ csrf_token() }}">

    // in the page's script
    var csrftoken = $('meta[name=csrf-token]').attr('content');
    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            // send the token only on state-changing, same-origin requests
            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
    });
Hope this helps!
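
A fetch-based version of the same hook for the file upload case, as an added example that is not part of the original answer: it attaches X-CSRFToken only to state-changing, same-origin requests and sends the file as FormData. The names needsCsrfHeader, withCsrf and uploadFile, the /upload URL and the app.example origin are assumptions made for illustration.

```javascript
// Added example (not from the original answer). Function names, the /upload
// URL and the app.example origin are assumptions made for illustration.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// The token belongs only on state-changing requests to our own origin.
// Resolving the URL against the page origin also catches protocol-relative
// URLs such as //other.example/x, which would otherwise leak the token.
function needsCsrfHeader(method, url, pageOrigin) {
  if (SAFE_METHODS.test(method || 'GET')) return false;
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Wrap a fetch implementation so every qualifying request carries the header
// that Flask-WTF checks when the token is not in the form body.
function withCsrf(fetchImpl, token, pageOrigin) {
  return function (url, options = {}) {
    const headers = new Headers(options.headers || {});
    if (needsCsrfHeader(options.method, url, pageOrigin)) {
      headers.set('X-CSRFToken', token);
    }
    return fetchImpl(url, { ...options, headers });
  };
}

// Upload one file as multipart/form-data. Content-Type is deliberately not
// set by hand: the runtime adds it together with the multipart boundary.
function uploadFile(csrfFetch, url, file) {
  const body = new FormData();
  body.append('file', file);
  return csrfFetch(url, { method: 'POST', body });
}

// Browser wiring, using the <meta name="csrf-token"> tag from the answer:
//   const token = document.querySelector('meta[name=csrf-token]').content;
//   const csrfFetch = withCsrf(window.fetch.bind(window), token, location.origin);
//   uploadFile(csrfFetch, '/upload', fileInput.files[0]);
```
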